ptylogin Modem Login Password Theft

1999-01-27T00:00:00
ID OSVDB:5879
Type osvdb
Reporter Marc Schaefer(schaefer@alphanet.ch)
Modified 1999-01-27T00:00:00

Description

Vulnerability Description

UNIX modem tty contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to passwords when has access to the modem tty when dialing into a UNIX system, which may lead to a loss of confidentiality, integrity and/or availability.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): use the mgetty-1.1.20 provided ``ptylogin'' program as login program, or you use rlogin.

Short Description

UNIX modem tty contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to passwords when has access to the modem tty when dialing into a UNIX system, which may lead to a loss of confidentiality, integrity and/or availability.

References:

Related OSVDB ID: 5877 Related OSVDB ID: 5878 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0407.html ISS X-Force ID: 1681 CVE-1999-0359